A recent report by Amnesty International linked an Indian cybersecurity firm, under the name of Innefu Labs, to an ongoing Android spyware program used to target prominent activists. The investigation comes straight from Amnesty International's team, who confirmed a case of espionage against a Togolese activist and also observed signs of spyware deployment across several key Asian regions.
According to Amnesty, the Android spyware has been linked to the Indian cybersecurity company after an IP address belonging to the company was repeatedly used for the distribution of the spyware payload.
The actual deployment could be the work of another group, the 'Donot Team' (APT-C-35), a collective of Indian hackers who have been targeting governments in Southeast Asia since at least 2018.
Amnesty notes that it's possible Innefu is not aware of how its customers or other third parties are using its tools. However, an external audit (which has not yet been accepted by Innefu) could reveal everything now that full technical details have come to light.
Innefu Labs denies any involvement with the Donot Team and the targeting of activists in a written letter to Amnest International.
"At the outset we firmly deny the existence of any link whatsoever between Innefu Labs and the spyware tools associated with the ‘Donot Team’ group and the attacks against a Human Rights Defender in Togo. As has already been stated by us in our previous letter, we are not aware of any ‘Donot Team’ or have any relationship with them.
In your letter dated 20.09.2021, references have been made to a Xiaomi Redmi 5A phone, which has allegedly accessed the IP address of Innefu Labs, and also of some other private VPN server to access the Ukrainian hosting company called Deltahost. We believe this phone does not belong to any person associated with Innefu Labs. Merely because our IP address has been accessed using this phone does not ipso facto conclude Innefu Labs’ involvement in any of the alleged activities" - Innefu Labs.
Iris sent a request for comment to Innefu Labs through multiple mediums, but we have yet to see a response. If you'd like to stay updated on this situation and many more in the cybersecurity space consider joining our newsletter.